MSBlast, aka the Blaster Worm and Lovesan, was a virus that targeted Windows XP and Windows 2000. This was a fast-spreading worm that spread quickly through networks. Unlike previous worms like Nimda and Slammer, this one also focused on home users.
It’s said that MSBlast was created when “security researchers from the Chinese group Xfocus reverse engineered the original Microsoft patch that allowed for execution of the attack.” To spread, the worm exploited a Microsoft security buffer overflow flaw. According to wiki, this was discovered by the”Polish security research group Last Stage of Delirium in the DCOM RPC (Remote Procedure Call) service on the affected operating systems, for which a patch had been released one month earlier in MS03-026 and later in MS03-039. This allowed the worm to spread without users opening attachments simply by spamming itself to large numbers of random IP addresses.”
The main symptom of infection from this worm was the shutting down of the computer due to a crash of the RPC. A message would appear explaining that the system was going to restart due to the unexpected termination of the RPC.
MSBlast was also referred to as “Lovesan” because the MSBlast.exe file contained two messages. The first one read, “I just want to say LOVE YOU SAN!!”. The second message read, “billy gates why do you make this possible ? Stop making money and fix your software!!” (as seen in this blog’s image above).